[RFC] Authentication and supporting Push through bzr+http://

John Arbash Meinel john at arbash-meinel.com
Sat Dec 16 00:28:06 GMT 2006


I've been trying to think about how to expose both a readonly and
write-if-authenticated smart server support for the bzr+http://
protocol. I have a general idea that I wanted to discuss, though I'm not
sure how to actually implement it yet.

Basically, you would configure 2 SmartWSGIApps, one using a readonly
transport, and one with a normal transport. (By the way, one of the
*really* *really* weird things about this layering is that you could
actually expose a connection to a 3rd party machine using bzr+ssh or
sftp as the back end :)

Anyway, you would check if the user had been authenticated, and if they
had, you would call writable_wsgi_server.run(req) versus
readonly_wsgi_server.run(req).

The real trick is that if you get a TransportNotPossible, you could
translate it into an HTTP 401 "Unauthorized" response.

If Vincent has gotten the 401 handling correct (which I believe he has),
this would mean we prompt the user for a username and password, and then
continue onwards to connect with a username, which now causes us to get
the writable server.

I think that would be very nice and seamless.

Looking at it more closely, though, it seems that it should be done in
the SmartWSGIApp itself, rather than in a wrapper. It might even need to
be done deeper down, because the SmartTransport itself is already
returning a 'ReadOnlyError'.

Maybe it would be better to have a different decorator. Instead of
'readonly+' we would have 'writable-requires-auth+'. So it would raise
'MustAuthenticate' if a write operation was requested, and
write_supported was not set.

Anyway, we have some more layering issues, where the layer that knows
what is going on isn't the one able to do anything about it.

Of course, the cheater way to do it is to just have 2 different apps,
and if environ.get('REMOTE_USER', None) you use the writable one. So
then if the user uses a URL like:

bzr+http://joe@host.com/

Then they will be required to authenticate, but if they use:

bzr+http://host.com/

Then it would be readonly.

Thoughts?

John
=:->
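The two-app dispatch and the 401 translation proposed in the message above, sketched as an added example that is not part of the original message and is not bzrlib code. The backends are stand-in WSGI apps rather than real SmartWSGIApps, and `MustAuthenticate`, the `X-Demo-Op` header, the Basic scheme and the realm name are assumptions made for the illustration.

```python
# Added illustration, not bzrlib code. Both backends are stand-in WSGI apps.

class MustAuthenticate(Exception):
    """Hypothetical error: a write reached the read-only backend."""


def make_backend(write_supported):
    # Stand-in for a smart server app over a read-only or normal transport.
    # HTTP_X_DEMO_OP is a constructed header marking the request as a write.
    def backend(environ, start_response):
        is_write = environ.get("HTTP_X_DEMO_OP") == "write"
        if is_write and not write_supported:
            raise MustAuthenticate()
        body = b"written" if is_write else b"read"
        start_response("200 OK", [("Content-Length", str(len(body)))])
        return [body]
    return backend


def auth_dispatch(readonly, writable, realm="bzr"):
    def app(environ, start_response):
        # REMOTE_USER is set by the front-end server after it has verified
        # credentials. A client-sent "Remote-User" header arrives as
        # HTTP_REMOTE_USER and must not be treated as authentication.
        if environ.get("REMOTE_USER"):
            return writable(environ, start_response)
        try:
            # Only works if the backend raises before calling start_response
            # (so not from inside a lazily evaluated generator body).
            return readonly(environ, start_response)
        except MustAuthenticate:
            body = b"authentication required for write access\n"
            start_response("401 Unauthorized", [
                ("WWW-Authenticate", 'Basic realm="%s"' % realm),
                ("Content-Type", "text/plain"),
                ("Content-Length", str(len(body))),
            ])
            return [body]
    return app


def request(app, **environ):
    # Minimal in-process WSGI call; returns (status, headers dict, body).
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    body = b"".join(app(dict(environ, REQUEST_METHOD="POST"), start_response))
    return seen["status"], seen["headers"], body


app = auth_dispatch(make_backend(False), make_backend(True))
```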



